Age | Commit message (Collapse) | Author |
|
|
|
A couple more cert1/2 strings updated, plus some disambiguating rhubarb.
|
|
Some tests had not been updated for the new cert because they were missing an X= log-line.
Updated those tests now.
|
|
Decided "unknown (reason)" in tls_peerdn was wrong, stripped that, added
replacement guard.
Moved cipherbuf construction to where it makes more sense, where peerdn
is extracted, so that setting the exim vars gets back closer to just
some pointer switching.
Fix missing failure check after handshake in client.
Fix tls.c tls_ungetc() and friends by pointing watermark vars at state
content.
Regenerated test-suite D-H params so we don't have too small values,
which was causing connection rejections.
Test-suite output where new test cert info is logged (there will be a
couple more, when I fix a lingering problem with tls_peerdn being unset
in client log-lines).
Give test-suite client command some --help.
|
|
|
|
Fix test-suite certs to not use MD5.
Document that we do not support MD5 certs any longer.
Make test-suite generate probably-correct gnutls-params filename for us.
|
|
Normalise TLSv1.2 to TLSv1.
Normalise AES256-GCM-SHA384 to AES256-SHA.
Make some test configs accept AES256-GCM-SHA384 in "encrypted =" ACLs.
Have test suite print final test id during abort, make it easier to track down.
|
|
GnuTLS code re-done, using cut&paste for preservation where appropriate.
Stop using deprecated APIs. Stop hard-coding lists of ciphers.
Use gnutls_priority_init() instead.
Turns tls_require_ciphers into a string in the GnuTLS case, not just
OpenSSL case.
Deprecate three gnutls_require_* options; now ignored but not errors.
(No warnings yet).
Added TLS SNI support.
Made the channel binding integration theoretically actually work. I had
it guarded by an #ifdef but the value used was an enum instead. Oops.
Fixed.
New code much more amenable to future work permitting TLS in callouts.
DH param sizes now chosen by GnuTLS maintainers, we use "normal"; that's
suddenly a lot more bits, so the saved filename was changed too.
(GNUTLS_SEC_PARAM_NORMAL).
DH param setup only done for servers now, since clients don't need/use
it.
GnuTLS a lot more robust to library negotiation using stuff we don't
support, error-ing out quickly for other authentication systems (PGP,
etc).
Renamed pseudo_random_number() to vaguely_random_number() which makes
the nature clearer.
GnuTLS now provides a vaguely_random_number() implementation, to match
OpenSSL.
Pull in <inttypes.h> to make the recent arithmetic changes compile on
MacOS.
Nuke test 2011 which related to the gnutls_require_* options now
non-functional.
|
|
|
|
|
|
|
|
|
|
|
|
Was not sending trailing dot.
Added test case to catch this.
fixes bug 1246.
|
|
|
|
|
|
Also add Retry command to more runtest testcase-fail possibilities.
|
|
|
|
Some discussion at http://bugs.exim.org/show_bug.cgi?id=817
Refer readers to Dan Bernstein's analysis of the issues.
Consensus seen from maintainers is that DJB is right on this point.
|
|
rule.
Fixes case 1003 for me (having a trailing ::).
|
|
Having looked further at the ratelimit code, the new output looks reasonable. The obscure
values of "19" derive from testing "per-byte", being the size of the test message.
|
|
|
|
Move to a table-driven approach for the parsing of "verify =".
|
|
The subtest does a readsocket (with 1s timeout) into a server
which closes immediately. The expected output in the testcase was null, the output
actually seen was the error-return expansion, which seems more correct.
Accepting the actual output.
|
|
|
|
|
|
bug 1224.
|
|
fixes bug 1226
Further investigation from Jeremy Harris showed the previous fix
left trailing whitespace on output which previously ended after
the permission bits (eg, test 0240).
This works better for me.
|
|
|
|
|
|
Trailing spaces were trimmed by commit 37acd760db
|
|
Add specific patterns to avoid when munging the output.
This is fragile and may still be broken outside my specific test environment.
|
|
Replace the lookup index char in sterr traces with a zero;
update testcase expected stderr files to match.
|
|
Update testcase output with now-expected info.
|
|
Additional "A=" authenticator info was added to log lines for rejections.
|
|
|
|
Jeremy Harris found ls output not parsing on SELinux systems. I
identified this as SUSv3's "optional alternate access method flag".
Jeremy wrote the patch, I adjusted a little.
fixes bug 1226
|
|
fixes bug 1228
|
|
|
|
|
|
|
|
|
|
I have also de-CVSed the ABOUT files and cleaned up a few
introductory comments.
|
|
|
|
fixes bug 1111
|
|
Fixes bug: 1104
|
|
Pipe transport option added in: 2fe767453007d1b015f52313d16dc61635085621
|
|
Output changed by:
Commit 86ae49a65fce504ebcf9c30ddff213cca71fb872
Fix wide character breakage in the rfc2047 coding
Fixes bug 1064
Patch frome Andrey N. Oktyabrski
|
|
Failed at test 178.
|
|
sudo needs to permit sudo w/o a TTY.
The config file used is the same for each test, the individual config
files are made available under a particular name. Correct that advice.
|